Originally published at: Beware of Copyright Infringement Link Insertion Scams - TidBITS
I’ve just worked with a reader on a type of scam that’s new to me but not to some bloggers targeted by it in the last few years. A webmaster receives what looks like a copyright infringement message claiming that an image on their site has been used without permission. (This is all too believable for many, particularly people who have been posting for years: most of us weren’t as careful about checking on usage permission in the past as we are today.) The message contains a link to the image, a link to the purportedly infringing page, and a threat to start legal proceedings if certain actions aren’t taken within five business days.
Here’s where it gets interesting. The message doesn’t ask for payment or for the page or image to be taken down. Instead, it requires that the recipient credit the image’s copyright owner and include a link. Speaking as someone who has been on the receiving end of messages from copyright trolls, it’s a huge relief not to have to worry about paying something, and where’s the harm in a quick attribution with a link?
Link insertion scams are search engine optimization hacks. These scams exploit the SEO principle that links on high-ranking or at least reputable sites provide legitimacy to linked sites, helping them move up in search results. However, the reverse is also true; Google and other search engines actively penalize sites that link to low-quality or scam websites. If being findable by search engines is important to you, don’t compromise your site with questionable links.
This sort of scam is fiendishly clever because it preys on our fears of running afoul of the legal system, which can be expensive even if you’ve done nothing wrong, and provides a seemingly simple way of satisfying the complaint.
Parts of a Copyright Infringement Link Insertion Scam
After spending a non-trivial amount of time investigating, the fact that the message was a scam became apparent, but it was a lot more subtle than most, with very few clues that someone without deep knowledge of online copyright law would see quickly.
Let’s evaluate the various parts of the message and explain some techniques you can employ to help identify similar scams.
- From: The From line looks legitimate. It’s properly formed, and there’s nothing wrong with appending a company name to the sender’s name. The only slight indication that it’s a scam is that the domain—
elitejusticeadvisors.biz
—sounds sketchy and doesn’t match the company name. It might have been possible to find problems in the message’s headers; I didn’t receive those. It’s also difficult to learn much about a domain from whois services these days; all information that might point to the entity registering a domain is now usually redacted for privacy reasons. - Subject: The subject line of “DMCA Copyright Infringement Notice” works well to increase fear since many people have heard of the DMCA (Digital Millennium Copyright Act) but don’t know much about it. What you need to understand is that the DMCA establishes a formal notice-and-takedown process for infringing works. It cannot be used to make demands for money or, as in this case, attribution. But most people won’t know that, so they’ll keep reading.
- Body text: The message does a good job of sounding like a lawyer wrote it without including the specific language required by the DMCA, which must be made under penalty of perjury. It’s not a DMCA takedown notice, so it doesn’t have to use that wording. The main thing that will give you pause is the required link URL, which points at a dubious-sounding telecom news site in Sri Lanka. Also, the infringing image is hosted at Imgur, a consumer image-hosting site known for funny pet pictures and cringeworthy GIFs. Legal firms would always use some sort of case-management site.
- Signature: The most actionable information appears in the signature, where we see the lawyer’s name and company information. It looks legitimate, and if you click through, you’ll see a website that passes inspection at a quick glance. But you can and should dig a little deeper.
Tracking Down the Law Firm
We’re accustomed to taking physical, email, and website addresses at face value because, 99.9% of the time, that’s appropriate. But it’s also what the scammer is counting on. When you click through to the company’s website, you get what looks like a legitimate law firm, complete with a picture of an office with the company’s name on a sign outside and an 800 number.
Further exploration of the site reveals pages devoted to the areas the law firm supposedly specializes in, a list of their lawyers, informational articles about various legal topics, and quotes from clients. Honestly, nothing here is wrong, exactly, but it’s strikingly generic, lacking unique markers that would instill trust. The content could be AI-generated, though it could equally as likely be copied from legitimate law firms. The attorney list is remarkably bland, with white-bread headshots and commonplace names that are hard to research online.
However, a deeper look at “Dean Parker,” the lawyer purportedly signing the scam message, reveals more cracks in the site’s legitimacy. When you do a Web search on “Dean Parker Commonwealth Legal Services,” you’ll find him at several domains pointing to the same site: justicesolutionshub.info
and cwsolutions.biz
. No legitimate law firm would use multiple domains like that. Other results bluntly say it’s a scam.
You can also confirm that this Dean Parker isn’t a real lawyer by searching the State Bar of Arizona’s member directory—most state bar associations or state courts will have a searchable directory of licensed legal professionals.
Lastly, if the website provides a headshot, as this one does, you can copy the image (Control-click it and choose Copy Image) and paste it into the TinEye reverse image search engine. The ubiquity of “generated.photos” in the results strongly suggests that the image was AI-generated.
A similar search on the company name won’t necessarily turn up anything untoward because the words are so common. However, if you search in Google for the entire block containing the company name, phone numbers, and address, you’ll have better luck. The search results will include posts explaining the scam, though you may have to scroll down to see them. You’ll get an even better answer from Perplexity, which leads with: “Based on the information provided, there are some concerning inconsistencies regarding Commonwealth Law Ltd.”
You can also check up on the address in the real world. Apple’s Maps revealed that it is actually the home of Liberty Tax and the Vintage Silver Center, but Street View in Google Maps made it blatantly clear that 3909 North 16th Street in Phoenix doesn’t have a fourth floor. Or look anything like the image on the website.
Stay Alert
There’s no need to do everything I’ve outlined here—most scams will quickly fall apart when scrutinized to any level of detail. However, it’s worth having all these techniques in your toolkit in case you need several of them to expose a scam that others haven’t already dissected.
It’s important to stay calm and not assume that a demanding email is legitimate just because it appears to come from a lawyer. If you panic and bring in your lawyer immediately, you may incur a non-trivial fee. As you can see in this case, more detailed research was more than enough to reveal the scam.
However, don’t assume that all copyright infringement messages are scams. A legitimate DMCA takedown notice will ask that you remove the content, and a real copyright infringement message will almost certainly demand payment. In both cases, take down the offending image. If you really were using an image without permission, some payment may be required, and if the amount feels excessive, contact a lawyer specializing in copyright infringement cases. They may be able to negotiate a lower payment or point out problems that will make the claim go away.